The Obama administration has announced sanctions against Russia - including the expulsion of 35 intelligence operatives - as punishment for cyberattacks that interfered with the U.S. presidential election. Plus, the administration has declassified technical information on Russian intelligence services' malicious cyber activities to help public and private-sector network defenders - in the U.S. and abroad - identify, detect and disrupt Russia's global campaign of mischievous cyber actions.

President Obama took the action on Dec. 27 after repeated private and public warnings to the Russian government, characterizing the sanctions as "a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior. All Americans should be alarmed by Russia's actions."

The president added that the theft of data and its disclosure - a reference to information that leaked about Democratic presidential candidate Hillary Clinton - "could only have been directed by the highest levels of the Russian government," a reference to Russian President Vladimir Putin, who wasn't mentioned by name (see Obama Suggests Putin Behind Hacks to Influence Vote).

The administration did not reveal any cyber response to the Russian hacks. "These actions are not the sum total of our response to Russia's aggressive activities," Obama said. "We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized."

Trump Could Reverse Sanctions

President-elect Donald Trump, if he wants, could withdraw them, according to a top Obama administration official.

Hours after the announcement of the sanctions, Trump said he'll meet with intelligence community leaders about the breaches. "It's time for our country to move on to bigger and better things," Trump said in a statement. "Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation."

Kremlin Press Secretary Dmitry Peskov immediately characterized the sanctions as "a manifestation of an unpredictable and even aggressive foreign policy," according to RT.com, a Russian government-backed news service. "Considering the current transition period in Washington, we still expect that we'll be able to get rid of such clumsy actions ... of behaving like a bull in a china shop, and that we'll be able to make mutual joint steps to enter on the path of normalization of our bilateral relations."

Hacking Details Declassified

In addition to the sanctions against the Russians, the Department of Homeland Security and FBI plan released a joint analysis report that includes information on computers Russian intelligence services have co-opted without the knowledge of their owners. DHS labeled Russian malicious cyber activity as Grizzly Steppe.

The Russians used those computers, located around the world, to launch cyberattacks in ways that made it difficult to trace them back to Russia. In some cases, the White House says, the cybersecurity community was already aware of this infrastructure. In other cases, this information is newly declassified by the U.S. government.

The joint analysis report also includes newly declassified data that should help enable cybersecurity firms and other network defenders to identify certain malware that the Russian intelligence services use. The administration says it hopes network defenders will use this information to identify and block Russian malware, forcing the Russian intelligence services to re-engineer their malware.

How Russian-Tied Groups Hacked Democratic Party IT in 2015

In the joint analysis report, the administration reveals how Russian intelligence services typically conduct their activities. The report says this information should help network defenders better identify new tactics or techniques that a malicious actor might deploy or detect and disrupt a continuing intrusion.

How Russian Hackers Conduct Phishing Campaigns

APT28's use of spearphishing and stolen credentials. Source: DHS

In addition to the expulsion of the 35 Russian operatives, the White House imposed sanctions on Russia's two major intelligence services - the military's Glavnoye Razvedyvatelnoye Upravleniye, or GRU, and the civilian Federalnaya Sluzhba Bezopasnosti, or FSB. The administration also sanctioned four top officers of the military intelligence unit who are believed to have ordered attacks on the Democratic National Committee and other political groups.

Treasury Secretary Jack Lew identified two Russian individuals who he said used cyber-enabled means to cause misappropriation of funds and personally identifiable information. The State Department also shuttered two Russian compounds, in Maryland and New York, used by Russian agents for intelligence-related purposes.

Two Republican senators, Lindsey Graham of South Carolina and John McCain of Arizona, depicted the sanctions as too little, too late. In a joint statement, the senators said: "The retaliatory measures announced by the Obama administration today are long overdue. But ultimately, they are a small price for Russia to pay for its brazen attack on American democracy. We intend to lead the effort in the new Congress to impose stronger sanctions on Russia."

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.